PWM
Last updated
Was this helpful?
Last updated
Was this helpful?
IBRACORP - YouTube: GitHub - unRAID Forum - Discord - Twitter -
Prefer a video guide? Here's the video version of this documentation:
PWM Sycotix's Repository Tools:Security
Head to the Community Applications store in Unraid
Search for and click to install 'PWM' from Sycotix's Repository
The template does not need any modifications past the port you want to reach it on, if the default of 8282 is already in use on your system.
Click done and wait for the container to pull down and start.
Open your MariaDB in Adminer (or use CLI if you prefer) and create a database called 'pwm'.
Create a user and password for the new database called 'pwm' - and grant it all privileges.
In your FreeIPA server, ensure you have a test user account. It does not require any special privileges and should be a normal user. \
**Tip: Default behaviour in FreeIPA means that when an admin user sets or resets a users password, it will automatically expire immediately. \
Sign in to FreeIPA as that user to ensure the proper password is in place. Check the expiration date of the password to be sure it's valid.**
With all the above done we are now prepared for configuration.
Left-click the PWM container and open the WebUI \
Once you see the WebUI, click Next to begin the Configuration
Select the 'Manual Configuration' option
Set a Configuration Password. This will be required any time you wish to edit the config of PWM.
Now, you can configure all the below settings. \
WARNING: YOU MUST CHANGE VALUES WHICH ARE SPECIFIC TO YOUR ENVIRONMENT. i.e. Base Domain, IP addresses and Ports.
With all the above configured, you have the minimum required to connect to your FreeIPA LDAP and use it for authentication.
Select Save in the very top-right of the Configuration Editor.
Once it sends you back to the login screen, select Configuration Manager.
Check that everything looks okay, it should look like this:
If it all looks clear, head to your home page and try to sign in with your FreeIPA admin account. This will allow you to check that authentication is working.
Once you sign in using an authenticated account successfully, you must now take PWM out of Configuration Mode.
Head to the Configuration Manager and select Restrict Configuration.
Profit.
You may also need to try the following settings to resolve common problems:
PWM: MySQL Connector (select version 5.1.49 - Platform Independent):
Ensure you have MariaDB installed and operational. We recommend using Adminer to manage your MariaDB. Click to see how.
Download the MySQL/Java connector package from the section above.
Tip: if you receive constant redirects, in the address bar, remove everything past the port so it looks like this: (where SERVERIP is your server which PWM is running on)
Now that you have the basics set up, you can successfully use PWM to authenticate users and process user management. However, some addition config is recommended at your own discretion in the Configuration Editor. 1. Set up your SMTP setting to allow emails to work 2. Set up your reverse proxy and DNS entries to allow the address to work externally 3. Set up your password policies 4. There's plenty more PWM can do (over 400 settings). So take your time and enjoy the process.
